4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.032 Low
EPSS
Percentile
90.9%
The default configuration for the file upload handling system in Django
before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before
release candidate 3 uses a sequential file name generation process when a
file with a conflicting name is uploaded, which allows remote attackers to
cause a denial of service (CPU consumption) by unloading a multiple files
with the same name.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | python-django | < 1.1.1-2ubuntu1.13 | UNKNOWN |
ubuntu | 12.04 | noarch | python-django | < 1.3.1-4ubuntu1.12 | UNKNOWN |
ubuntu | 14.04 | noarch | python-django | < 1.6.1-2ubuntu0.4 | UNKNOWN |